How NSA firmware hacking works and why it's worrying

One of the most worrying pieces of news to emerge recently is the ability of the secret services to compromise the firmware of a hard drive by flashing malicious code onto it. The Kaspersky researchers who unveiled the new type of espionage tool say it is "better than anything else" they have seen to date.

The hacking tool is believed to belong to the NSA, and it is particularly significant because compromising the firmware gives attackers full control of a system. It is called "nls_933w.dll", is the first of its kind, and is used with the spyware platforms (EquationDrug and GrayFish) discovered by Kaspersky.

What is worrying is that it can create an invisible storage area on the victim's hard disk to hide data stolen from the system, so that the attackers can retrieve it later. This allows attackers to intercept files even from encrypted disks. How?
While the computer is running, the data is decrypted. At that point it is very easy to make copies at the very bottom of the disk, in an area that is not encrypted.

How it works

Hard disks have a controller, which is essentially a mini-computer. It includes a flash memory chip or ROM that holds the firmware code the hard disk needs to operate.

Trojanized firmware allows attackers to stay in the system even if the software is updated. From then on, the malicious code cannot be removed. Even if the victim believes the computer is infected and performs a fresh installation of the operating system, the malicious code in the firmware remains intact.

According to the researchers, the firmware can be installed on the chips of many different hard disks, such as those from IBM, Seagate, Western Digital, and Toshiba.

The ROM chip containing the software includes a small amount of storage space that remains unused. If the ROM chip is 2 MB, the software can fit into 1.5 MB, leaving half a megabyte of unused space that the attackers can use to hide data.

So super hackers don't need passwords if they can copy the entire directory from the operating system to a hidden location and access it later. But how, since the space left free by the firmware is very small? The attackers need a larger space for storage. Fortunately for them, one exists. There are large sectors of the disk that are unused and could be used for hidden data storage, even for data that may have been deleted from the system.

An interesting paper (.pdf) published in February 2013 by Ariel Berkman states: "there are sectors that not only cannot be accessed through standard tools, but also remain inaccessible to antivirus software."

Berkman, according to Wired, reports that a particular Western Digital disk model has 141 MB set aside for a system service area but uses only 12 MB of it, leaving the rest free for hidden storage.


Written by Dimitris
